diff --git a/src/etcp_connections.c b/src/etcp_connections.c
index 85d015d..598d570 100644
--- a/src/etcp_connections.c
+++ b/src/etcp_connections.c
@@ -842,21 +842,85 @@ int init_connections(struct UTUN_INSTANCE* instance) {
             
             client_link = client_link->next;
         }
+        // Initialize crypto context for this connection
+        if (sc_init_ctx(&etcp_conn->crypto_ctx, &instance->my_keys) != SC_OK) {
+            DEBUG_ERROR(DEBUG_CATEGORY_CRYPTO, "init_connections: failed to initialize crypto context for client %s", client->name);
+            etcp_connection_close(etcp_conn);
+            client = client->next;
+            continue;
+        }
+        // If client has peer public key configured, set it
+        if (strlen(client->peer_public_key_hex) > 0) {
+            // For now, set peer node ID to indicate we have peer key
+            // The actual peer key will be exchanged during connection establishment
+            etcp_conn->peer_node_id = 1; // Simple indicator
+            
+            DEBUG_INFO(DEBUG_CATEGORY_CRYPTO, "init_connections: setting peer public key for client %s", client->name);
+            // Set peer public key (assuming hex format)
+            if (sc_set_peer_public_key(&etcp_conn->crypto_ctx, client->peer_public_key_hex, 1) != SC_OK) {
+                DEBUG_ERROR(DEBUG_CATEGORY_CRYPTO, "init_connections: failed to set peer public key for client %s", client->name);
+            } else {
+                DEBUG_INFO(DEBUG_CATEGORY_CRYPTO, "init_connections: successfully set peer public key for client %s", client->name);
+            }
+        } else {
+            DEBUG_WARN(DEBUG_CATEGORY_CONFIG, "init_connections: no peer public key configured for client %s", client->name);
+        }
         
-        // Add connection to instance's connection list and increment counter
-        if (etcp_conn) {
-            DEBUG_ERROR(DEBUG_CATEGORY_CONNECTION, "Adding connection %p to instance list", etcp_conn);
+        // Create links for this client
+        while (client_link) {
+            // Find the local server for this link
+            struct CFG_SERVER* local_server = client_link->local_srv;
+            if (!local_server) {
+                client_link = client_link->next;
+                continue;
+            }
+            
+            // Find the socket for this server
+            struct ETCP_SOCKET* e_sock = NULL;
+            struct ETCP_SOCKET* sock = instance->etcp_sockets;
+            while (sock) {
+                if (sock->local_addr.ss_family == local_server->ip.ss_family) {
+                    if (sock->local_addr.ss_family == AF_INET) {
+                        struct sockaddr_in* sock_addr = (struct sockaddr_in*)&sock->local_addr;
+                        struct sockaddr_in* srv_addr = (struct sockaddr_in*)&local_server->ip;
+                        if (sock_addr->sin_addr.s_addr == srv_addr->sin_addr.s_addr && 
+                            sock_addr->sin_port == srv_addr->sin_port) {
+                            e_sock = sock;
+                            break;
+                        }
+                    }
+                }
+                sock = sock->next;
+            }
+            
+            if (!e_sock) {
+                DEBUG_ERROR(DEBUG_CATEGORY_ETCP, "No socket found for client %s link", client->name);
+                client_link = client_link->next;
+                continue;
+            }
             
-            etcp_conn->next = instance->connections;
-            instance->connections = etcp_conn;
-            instance->connections_count++;
+            // Create link for this client connection
+            struct ETCP_LINK* link = etcp_link_new(etcp_conn, e_sock, &client_link->remote_addr, 0); // 0 = client initiates
+            if (!link) {
+                DEBUG_ERROR(DEBUG_CATEGORY_ETCP, "Failed to create link for client %s", client->name);
+                client_link = client_link->next;
+                continue;
+            }
+            DEBUG_INFO(DEBUG_CATEGORY_CONNECTION, "Created link %p for client %s, socket=%p", 
+                       link, client->name, e_sock);
             
-            DEBUG_ERROR(DEBUG_CATEGORY_CONNECTION, "Added connection %p to instance, total count: %d", etcp_conn, instance->connections_count);
-        } else {
-            DEBUG_ERROR(DEBUG_CATEGORY_CONNECTION, "No etcp_conn to add for client %s", client->name);
+            client_link = client_link->next;
         }
         
-        client = client->next;
+        // Add connection to instance's connection list only after all validations pass
+        // This prevents double-free when cleanup tries to free connections that were freed during failed initialization
+        DEBUG_ERROR(DEBUG_CATEGORY_CONNECTION, "Adding connection %p to instance list", etcp_conn);
+        
+        etcp_conn->next = instance->connections;
+        instance->connections = etcp_conn;
+        instance->connections_count++;
+        
+        DEBUG_ERROR(DEBUG_CATEGORY_CONNECTION, "Added connection %p to instance, total count: %d", etcp_conn, instance->connections_count);
     }
     
     // If there are clients configured but no connections created, that's an error